In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.
2020-10-01T19:15:12.893
2024-11-21T05:05:42.700
Modified
CVSSv3.1: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | zohocorp | manageengine_applications_manager | < 14.6 | Yes |
| Application | zohocorp | manageengine_applications_manager | 14.6 | Yes |
| Application | zohocorp | manageengine_applications_manager | 14.6 | Yes |
| Application | zohocorp | manageengine_applications_manager | 14.6 | Yes |
| Application | zohocorp | manageengine_applications_manager | 14.6 | Yes |
| Application | zohocorp | manageengine_applications_manager | 14.6 | Yes |
| Application | zohocorp | manageengine_applications_manager | 14.6 | Yes |
| Application | zohocorp | manageengine_applications_manager | 14.7 | Yes |
| Application | zohocorp | manageengine_applications_manager | 14.7 | Yes |
| Application | zohocorp | manageengine_applications_manager | 14.7 | Yes |
| Application | zohocorp | manageengine_applications_manager | 14.7 | Yes |
| Application | zohocorp | manageengine_applications_manager | 14.7 | Yes |
| Application | zohocorp | manageengine_applications_manager | 14.7 | Yes |